Malware Analysis - Intro to RE - Lecture 2 [CS7038]

in #science, 6 years ago

This is the second lecture of the malware analysis course taught by Professor Coleman Kane. It's a one-hour lecture covering the following topics:

  • inspecting raw pdfs
  • creating a python parser
  • looking into exiftool
  • how to use pdf-parser
  • extracting stream data with pdf-container
  • analyzing extracted streams
  • and more.
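The middle items of that list (a Python parser for raw PDF, pulling out stream data, analyzing what comes out) form one workflow, so here is a minimal version of it as an added example; this is my own code, not the lecture's or the post's. It builds a constructed sample PDF whose /OpenAction points at JavaScript stored in a /FlateDecode stream, then scans the file object by object without trusting the cross-reference table, inflates the streams, and reports which objects carry name keys that usually deserve a closer look. The keyword list, the regular expressions and the sample file are all assumptions of the example, not something the lecture prescribes.

```python
import re
import zlib
from typing import Dict, Iterator, Optional, Tuple

# Name keys whose presence commonly signals active or hidden content. This is my own
# selection for the example (the same sort of names pdfid/pdf-parser count), not a list
# taken from the lecture.
SUSPICIOUS_KEYWORDS = (
    b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
    b"/EmbeddedFile", b"/RichMedia", b"/ObjStm",
)

# Lenient text patterns. A raw scan like this ignores the xref table on purpose: objects
# hidden behind a broken or forged xref are still found, which is what triage wants.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def parse_objects(data: bytes) -> Iterator[Tuple[int, int, bytes]]:
    """Yield (object number, generation, body bytes) for every `N G obj ... endobj`."""
    for m in OBJ_RE.finditer(data):
        yield int(m.group(1)), int(m.group(2)), m.group(3)


def extract_stream(body: bytes) -> Optional[bytes]:
    """Return the decoded stream payload of an object body, or None if it has no stream.

    Only /FlateDecode is handled here (the common case). Other or chained filters come back
    raw so the caller still sees the bytes and can hand them to a fuller tool.
    """
    m = STREAM_RE.search(body)
    if not m:
        return None
    raw = m.group(1)
    if b"/FlateDecode" in body:
        try:
            return zlib.decompress(raw)
        except zlib.error:
            # Truncated or corrupt deflate data is itself a warning sign; keep the raw
            # bytes rather than dropping the object from the report.
            return raw
    return raw


def triage_pdf(data: bytes) -> Dict[str, dict]:
    """Scan every object body and every decoded stream for suspicious keywords.

    Returns {"hits": {object number: sorted keyword names}, "streams": {object number: bytes}}
    so an analyst can read the decoded streams of the objects that were flagged.
    """
    hits: Dict[int, list] = {}
    streams: Dict[int, bytes] = {}
    for num, _gen, body in parse_objects(data):
        stream = extract_stream(body)
        if stream is not None:
            streams[num] = stream
        haystack = body if stream is None else body + stream
        found = sorted(k.decode() for k in SUSPICIOUS_KEYWORDS if k in haystack)
        if found:
            hits[num] = found
    return {"hits": hits, "streams": streams}


def build_sample_pdf() -> bytes:
    """Constructed sample (not a real-world file): a tiny PDF whose /OpenAction runs
    JavaScript kept in a /FlateDecode stream. No xref offsets are computed; the scanner
    above never reads them, and malicious files often ship broken xrefs anyway."""
    js = b"app.alert('hello from the stream');"
    packed = zlib.compress(js)
    parts = [
        b"%PDF-1.4\n",
        b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>\nendobj\n",
        b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n",
        b"3 0 obj\n<< /Type /Page /Parent 2 0 R >>\nendobj\n",
        b"4 0 obj\n<< /S /JavaScript /JS 5 0 R >>\nendobj\n",
        b"5 0 obj\n<< /Length " + str(len(packed)).encode() + b" /Filter /FlateDecode >>\n",
        b"stream\n" + packed + b"\nendstream\nendobj\n",
        b"trailer\n<< /Root 1 0 R >>\n%%EOF\n",
    ]
    return b"".join(parts)


if __name__ == "__main__":
    report = triage_pdf(build_sample_pdf())
    for num, names in sorted(report["hits"].items()):
        print(f"object {num}: {', '.join(names)}")
    for num, payload in sorted(report["streams"].items()):
        print(f"stream in object {num}: {payload!r}")
```

Run against a real file with `triage_pdf(open(path, "rb").read())`. The output mirrors what the lecture's tools give you in two steps: the keyword counts pdfid prints, and the decoded stream pdf-parser shows with its filter option. A hit on /OpenAction plus /JavaScript in the same document is the pattern to chase first; the decoded stream is where the actual payload lives.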

So, as you might have expected, this has a lot to do with analyzing PDF files. The title of the lecture is "Analyzing the attack with basic tools". Some students might not be too interested in this lecture, and here I also speak for myself. It seems a bit boring, but nevertheless, it is really important!

Why?

Because so many documents (PDFs among them) circulate freely over the internet, it is very important to know how to assess whether a document you are about to open could lead to infection or data leakage.



To stay in touch with me, follow @cristi


Cristi Vlad Self-Experimenter and Author